Comparing 0963dd381c..ae21a93679 - claude-plugins-official - Gitea: Git with a cup of tea

zhanj/claude-plugins-official

mirror of https://github.com/anthropics/claude-plugins-official.git synced 2026-05-19 21:02:40 +00:00

Author	SHA1	Message	Date
Bryan Thompson	ae21a93679	Bump snowflake-cortex-code to v3.1.0 (#1932 )	2026-05-19 18:55:48 +01:00
Tobin South	6a05dc286d	Add 24 first-party plugins from major-brand orgs (#1919 ) Promote first-party plugins from recognizable companies that publish deep, actively-maintained Claude Code plugins from their official GitHub orgs. All entries are SHA-pinned to current default-branch HEAD. Development: - apollo-skills (Apollo GraphQL): 14 GraphQL skills + Apollo MCP server - appwrite (Appwrite): 11 SDK skills + 2 commands + dual MCP - forge-skills (Atlassian): Forge scaffold/review/debug + 2 hosted MCPs - buildkite (Buildkite): 6 CI/CD skills + hosted MCP - circle-skills (Circle): 16 USDC/stablecoin dev skills + hosted MCP - codspeed (CodSpeed): perf profiling skills + remote MCP - dominodatalab (Domino Data Lab): 22 skills + 3 agents + bundled MCP - lumen (Ory): local semantic code-search MCP + auto-index hooks - mcp-apps (Model Context Protocol): MCP Apps SDK skills - resend (Resend): email API/CLI/React Email skills + bundled MCP - teamcity-cli (JetBrains): TeamCity CI/CD CLI agent skill - togetherai-skills (Together AI): 12 inference/training/GPU skills Database: - clickhouse-best-practices (ClickHouse): 28 schema/query/ingestion rules - datahub-skills (DataHub): 12 catalog/lineage/quality skills + 4 agents - duckdb-skills (DuckDB): 9 file-query/docs/extension skills - redis-development (Redis): data structures, query engine, vector search Security: - duende-skills (Duende): 22 OAuth/OIDC/IdentityServer skills + 2 agents - workos (WorkOS): AuthKit/SSO/Directory Sync/RBAC router skill Monitoring: - rootly (Rootly): 18 incident-management skills + 3 agents + hosted MCP - sentry-cli (Sentry): Sentry CLI agent skill Design: - hyperframes (HeyGen): 15 HTML-to-video framework skills - runway-api (Runway): 17 video/image/audio generation skills Productivity / Location: - hunter (Hunter.io): 9 prospecting skills + remote MCP - mapbox (Mapbox): 19 geospatial skills + 3 remote MCP servers Source structure: 19 repo-root plugins (url source), 5 subdirectory plugins (git-subdir source). All cross-referenced against existing entries to avoid duplicates. Two candidates excluded pending upstream fixes: - launchdarkly: plugin.json has unrecognized 'logo' key (schema error) - medusa-dev: skill has malformed YAML frontmatter	2026-05-19 08:20:20 -05:00
Tobin South	d42e163958	Bump 25 plugin SHA pins to upstream HEAD (huggingface–railway) (#1914 ) * Bump 26 plugin SHA pins to upstream HEAD * Revert mercadopago SHA bump The new upstream SHA adds a PreToolUse hook that fires on every Bash/Edit/Write/Read in all sessions and globally blocks reading .env files, regardless of project relevance. The policy scan flags this as out of scope for what the plugin description advertises. Leave at the prior pin until the upstream gates the hook on project relevance.	2026-05-19 08:19:35 -05:00
Bryan Thompson	4bf08583c3	Add carta-crm and carta-investors plugins (#1877 )	2026-05-19 05:04:40 +01:00
Tobin South	9f0275ae44	Add convex-backend plugin (#1918 )	2026-05-18 16:56:50 -07:00
Tobin South	0b9a622ecb	Fix broken plugin source configs and bump their SHAs (#1915 ) * Fix broken plugin source configs and bump their SHAs Several external plugins had source configs that no longer matched the upstream layout, so the automated SHA bump skipped them indefinitely. Add the missing path field where the manifest moved into a subdirectory, correct stale ref/commit metadata, and update the skills list for the one strict:false skills-only entry. - rc, revenuecat: upstream moved the plugin from repo root into revenuecat/. Add path and bump SHA. - zilliz: plugin moved from repo root into plugins/zilliz/. Add path and bump SHA. - sumup: plugin lives at providers/claude/plugin/ (declared by the upstream marketplace.json) but our entry never had a path. Add it and bump SHA. - mintlify: pure SHA bump. Repo layout unchanged between SHAs; the upstream remains a marketplace-style repo with no plugin.json, same as the currently pinned SHA. - netsuite-suitecloud (strict:false skills entry): bump SHA and add the four new skill directories upstream added since the last pin. - 42crunch-api-security-testing: ref said v1.0.1 but the pinned SHA is actually v1.5.5. Correct the label; the SHA is already current. - jfrog: commit and sha fields had drifted apart. Set both to upstream HEAD. Each new SHA verified to be on the upstream default branch and the referenced manifest validated with claude plugin validate. * Revert mintlify and netsuite-suitecloud changes The validate-plugins check requires a plugin manifest at the pinned SHA even for strict:false entries. Neither repo has one at any SHA, so a SHA bump fails CI. Leave them at the existing pin until either the upstream adds a manifest or the validator learns to honor strict:false.	2026-05-18 23:33:38 +01:00
Tobin South	b7c0654137	Raise bump cap with verdict cache and skip-and-revert (#1913 ) * Cache scan verdicts and drop policy-failing entries from bump PRs Three changes that together let the nightly bump clear any backlog in a single run without blocking on a single bad upstream or re-burning Claude time on already-scanned SHAs: - bump-plugin-shas.yml: raise max-bumps default 20 -> 130 (above the external entry count, so a single run can clear a full backlog) and add an explicit 60-min job timeout. The cap was the only thing bounding the blast radius of a single policy failure; the changes below take over that role so the cap can be lifted. - scan-plugins.yml: add a verdict cache keyed on (plugin, sha, policy hash). The bump action force-resets bump/plugin-shas every night, which makes the same SHAs reappear in the diff on consecutive nights — without the cache the scan would re-burn ~90s of Claude time per entry per night. Cached verdicts (pass and fail) are served from disk; only uncached SHAs are scanned. The job still fails on cached failures so the required check stays honest. - revert-failed-bumps.yml (new): after a Scan Plugins workflow_run on bump/plugin-shas concludes with a failure, drop just the failing entries' source.sha back to main's pin via a follow-up signed commit and re-dispatch the scan. The re-dispatch finds only cached-pass entries and goes green in seconds. Bounded at 3 passes/night, restricted to SHA-only diffs, and aborts if the bump branch was tampered with. * Harden bump cache and revert workflows after review - revert-failed-bumps: replace the time-based revert budget (anchored on the PR head, which a revert commit immediately replaces — never accumulating past 1) with a commit count: every nightly bump force- resets to one commit and every revert pass adds exactly one, so commits > MAX+1 is the budget without date math, pagination, or exposure to comment spoofing. - revert-failed-bumps: filter the bump PR by head owner so a fork PR with a branch named bump/plugin-shas can't be selected. - revert-failed-bumps: continue-on-error on the artifact download so a scan that died before uploading (infra error) doesn't fail the revert job — the missing-file guard downstream handles it. - scan-plugins: add a per-ref concurrency group so concurrent scans don't lose one another's cache writes; key the cache on run_attempt so a re-run can save its own verdicts. - scan-plugins: store the full source object in the cache and require source equality on lookup, so a repo/path change at the same SHA misses the cache instead of getting a stale verdict. - scan-plugins / revert-failed-bumps: strip markdown control chars, wrap model-generated text in code spans (neutralizes auto-linked URLs), and redact key-shaped tokens before they reach the step summary, artifact, cache, or PR comment.	2026-05-18 20:55:20 +01:00
Tobin South	af4e1ad69e	Bump 21 plugin SHA pins to upstream HEAD (#1911 )	2026-05-18 20:55:03 +01:00
Tobin South	de2bcc9411	Bump 27 plugin SHA pins to upstream HEAD (#1912 )	2026-05-18 20:52:54 +01:00

1 changed files with 476 additions and 80 deletions

556

.claude-plugin/marketplace.json

View File

File diff suppressed because it is too large Load Diff